AFP / Netatalk is back via Docker (kinda)


jeremyn

Recommended Posts

I'm  a straight up newbie at creating Docker containers. However, I got frustrated at the removal of AFP from Unraid so after some hours of banging my head against the wall I was able to create an insanely basic netatalk docker for Unraid. (Docker experts could have created this in less than a minute, but like I said, I'm a total newbie and it took me a while to figure all this out). I don't want to publish it to CA, since it's about as simplistic as you can get, and it's completely insecure in its current form. This is because I could not figure out how to set up or pass through authentication from Unraid. That kind of thing is way over my head. 

I have my reasons why I need AFP over SMB, please don't argue I need to move on. I'm aware it's depreciated by both Apple and unraid. But I have reasons to use it on my unraid server. 

The reason for this post is three fold:
1) I know I'm not the only person to miss AFP in Unraid. So to those of you wondering if it's possible to get it working again, I can confirm it is.
2) I would love to make this Docker Container more secure, and I need help.

3) I'd love for somebody to take this over and even create a webUI for it. Hey I can dream!

 

Rather than posting a completely insecure Docker to Community Applications, I'm posting the Docker Container XML here so people can make suggestions on how to make it more secure. Specifically how to pass the SMB and/or NFS user/group/folder permissions over to AFP. The irony is that this has all been figured out for years but was purged from unraid. So maybe its as simple as somebody posting how unraid integrated these in the past. 

 

Attached is the XML that will configure a docker that enables AFP access with full read/write access your mnt/user root to guest AFP users. (I told you it was insecure!)

 

What I've learned so far,  adding the command  "--volume /mnt/user/appdata/netatalk/afp.conf:/etc/afp.conf" to Extra Parameters will override the default afp.conf with a custom afp.conf you can create in /appdata/netatalk And I was able to restrict users and do some other things in there, but I could never figure out how to properly authenticate, either to a password in the clear in that file, or better to the Unraid user name and password. 

 

The netatalk docker also has some authentication functionality, but I could not seem to figure out how to get that to work either.

 

Please help.

netatalk.xml

Edited by jeremyn
Link to comment

I did that, but I can't seem to translate that over to how the netatalk docker works. But again, most of this is way over my head. And volume mapping isn't my biggest problem, it's permissions. I need to figure out how to honor a login and password. As it sits, only guest works and it's wide open.

Edited by jeremyn
Link to comment

With regards to the performance of AFP/Netatalk vs SMB. I'm shocked how much better the overall experience of AFP is compared to SMB. I'm connected to my server via 10Gb ethernet, and the throughput of a single transaction (copying a large single file for example) once established, is slightly faster on SMB, but everything else is SO laggy on SMB. Specifically opening directories, or working with a lot of small files.

 

I just did a test: I tried copying a single steam game with 6,660 files inside total file size 37GB from internal SSD to SMB share and AFP share. The SMB estimate was 3 days (each file takes about 20 sec to get started, then goes relatively fast, rinse-repeat 6,600 times). AFP was able to copy the same folder from the same source to the same destination in 14 min.

Edited by jeremyn
  • Like 1
Link to comment
  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.